lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 24 Sep 2018 10:35:24 -0700
From:   Kees Cook <keescook@...omium.org>
To:     Ard Biesheuvel <ard.biesheuvel@...aro.org>
Cc:     Herbert Xu <herbert@...dor.apana.org.au>,
        "the arch/x86 maintainers" <x86@...nel.org>,
        Eric Biggers <ebiggers@...gle.com>,
        "open list:HARDWARE RANDOM NUMBER GENERATOR CORE" 
        <linux-crypto@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH crypto-next 06/23] x86/fpu: Remove VLA usage of skcipher

On Mon, Sep 24, 2018 at 4:45 AM, Ard Biesheuvel
<ard.biesheuvel@...aro.org> wrote:
> On Wed, 19 Sep 2018 at 04:11, Kees Cook <keescook@...omium.org> wrote:
>>
>> In the quest to remove all stack VLA usage from the kernel[1], this
>> replaces struct crypto_skcipher and SKCIPHER_REQUEST_ON_STACK() usage
>> with struct crypto_sync_skcipher and SYNC_SKCIPHER_REQUEST_ON_STACK(),
>> which uses a fixed stack size.
>>
>> [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com
>>
>> Cc: x86@...nel.org
>> Signed-off-by: Kees Cook <keescook@...omium.org>
>
> Doing some archeology on this driver, it turns out that the FPU
> wrapper was introduced to support combining the generic CTR, LRW, XTS
> and PCBC chaining modes with the AES-NI core transform. In the mean
> time, CTR, LRW and XTS support have been implemented natively, which
> leaves pcbc-aes-aesni as the only remaining user of the fpu template.
>
> Since there are no users of pcbc(aes) in the kernel, could we perhaps
> just remove this driver and all the special handling we have for it in
> aesni-intel_glue.c?

Both options get rid of the VLA, so I'm happy either way. ;)

> If not, or in case we prefer to defer that to the next release:
>
> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@...aro.org>

Thanks!

-Kees

-- 
Kees Cook
Pixel Security

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ